HarvardKey provides applications with a default level of authorization through implementation of an authorization filter. When a user attempts to log into your application, HarvardKey first authenticates them and then determines if they are a member of the application’s authorization filter group in Grouper. Every application integrating with HarvardKey is required to have an authorization filter. See the HarvardKey Application Integration Policy for more information The filter may either be a generic authorization filter, maintained by IAM, or an application-specific authorization filter, maintained by the application team. For general information on authorization filters, please see Application Authorization using HarvardKey and IAM Group Services.
Generic authorization filters may be used by multiple applications. They are created from one or more IAM Reference Groups. Reference Groups are institutionally meaningful cohorts of the Harvard community based on their various affiliations with the University, for example students or faculty. Only people with a current Harvard affiliation are included in Reference Groups. All authorization filters block users in the University “excluded users” group, a centrally-managed collection of users that are not permitted to access any HarvardKey-protected applications.
Steps to Select an Authorization Filter for your Application
- Review the categories of users who will use your application
- Review the list of generic authorization filters available
-
Indicate your selections on the HarvardKey Integration Registration form
- If none of the generic authorization filters meet your needs, select the option “An appropriate authorization filter does not exist for my application. Please assist me in creating a new filter." on the Registration form. IAM can partner with you to either create an application-specific filter for your population, or a new generic authorization filter if the population may be meaningful for other applications to use.
Categories of Users for your Application
When choosing an authorization filter for your application, consider the broad categories of users listed below for whom reference groups are available. In addition to categories focused on role type, filters can include restrictions by School/Unit or Department.
Employees
-
Employees of all types – staff, faculty, post-docs, temporary, part-time and student employees
-
Faculty (F, J) – Ladder faculty (senior & junior)
-
Staff (A, S) – Administrative, professional and support staff
-
Service Trade (U, L) - Service and trade hourly and part-time employees
-
Other Academics (O) – Non-ladder and visiting faculty, research fellows and associates, academic deans, directors, affiliates, etc
-
Temporary Academics (C)
-
Special Exclusion (B)
-
Postdocs (Y, N, Z) - Internal and External Post-Docs
-
Temporary Staff (T) – Non-student temporary staff including temps and LHTs
-
Interns (E)
-
Student Employees (G, D, W) – Graduate student appointments, student temps and temp off-campus work-study
-
Graduate Student Fellowship Recipients (H)
Students
- Registered Students (R,EG,EP) - Registered degree-seeking and non-degree seeking students
-
Pending Students (P) - Students pending enrollment
-
Students with Admissions Offer Extended (AE)
-
Students with Deferred Admission (DF)
-
Students on Leave of Absence (LA)
-
Study Abroad (SA)
-
On Leave Paying Facilities Fees (LF)
-
Special Program (SP)
Other HUID Holders
-
Harvard Sponsored Roles:
-
Individually sponsored roles (previously called Authorized POI): including Restricted Harvard Sponsored Role types and Workforce Sponsored Roles (Consultants and Contingent Workers)
-
Departmentally sponsored roles (Delegate Payers, Retirees, Smithsonian employees, HLS external affiliates).
-
See the Quick Guide for Harvard Sponsored Role Types for a description of the role types.
-
-
Library borrowers: Library borrowers from Widener, Loeb and Countway libraries. Includes special borrowers, research assistants and library donors
-
Class Participants: Active participants in non-degree program
Alumni
-
Alumni - Harvard degree holders, including honorary
-
Alumni Associate Members – Harvard non-degree holder, or certificate holder
-
Alumni Program Participant – Harvard non-degree holder that does not qualify for Associate Membership (e.g., Exec Ed)
Public
-
Includes non-HUID holders (HarvardKey Light users) and HUID holders with no active role
Generic Authorization Filters
The tables below lists generic authorization filters currently offered by HarvardKey. They are organized into Red, Orange, Yellow and Green affiliation and assurance tiers and school-specific.
*Unless a filter explicitly includes Alumni, alumni users can access the application only if they have another Harvard affiliation that is included in the filter. To enable your application to allow Alumni access, please request approval from Alumni Affairs and Development (AA&D)
RED TIER
|
Authorization Filter Name
|
Included User Groups
|
| authorized-users-assurance-tier-red | Includes current registered and study abroad students in degree programs (Student status-codes Registered-R,EG,EP and Degree is not XX). All current paid employees except External Postdoctoral (Employee Pay status = Y and employee class-codes Admin and Professional-A, Support Staff-S, Temporary Staff-T, Temporary Student-D, Temporary Off Campus Work Study-W, Intern-E, Senior and Junior Faculty-FJ, Temporary and Other Academic-CO, Graduate Student-G, TAs and Other Staff-I, Internal Post Docs-Y, Hourly and Part-time Service and Trade-UL, and Exclusion-B). Current Harvard Sponsored Roles of types Consultant and Contingent Worker. |
| authorized-users-employees-paid | Includes all current paid employees of any classification. |
ORANGE TIER
| authorized-users-assurance-tier-orange | Includes all members in the Red Affiliation & Assurance Tier group, plus current students on leave of absence and pending students (Student status-code On Leave-LA, On Leave Paying Facilities Fees-LF, and Pending-P). Current External Postdocs (Employee class-code Ext Post Docs Harvard Research-Z, External Post Docs NHR-N). Current unpaid employees (Employee Pay status = N and employee class-codes Admin and Professional-A, Support Staff-S, Temporary Staff-T, Temporary Student-D, Temporary Off Campus Work Study-W, Intern-E, Senior and Junior Faculty-FJ, Temporary and Other Academic-CO, Graduate Student-G, TAs and Other Staff-I, Internal Post Docs-Y, Hourly and Part-time Service and Trade-UL, and Exclusion-B). Current Harvard Sponsored Roles of types Incoming Employee/Transfer, Research Collaborator, Overseer, Hospital Administrator, Extended Affiliate, Retiree and Surviving Partner. |
| authorized-users-assurance-tier-orange-with-alumni | * Includes all members in authorized-users-assurance-tier-orange, plus Alumni of role type ALUMNI who have claimed their HarvardKey. Does not include Alumni types of Associate Members or Program Participants. |
| authorized-users-employees | Includes all current employees of any employee classification, paid and un-paid. |
| authorized-users-employees-incoming-employees | Includes current employees of any classification, plus Harvard Sponsored Role of type Incoming Employees/Transfer. |
| authorized-users-faculty-staff | Includes all current faculty (employee class-codes Senior Faculty-F, Junior Faculty-J and Other Academic-O) and staff (employee class codes Admin and Professional-A, and Support Staff-S). |
| authorized-users-employees-retirees |
Includes all current employees of any classification, plus Harvard Sponsored Role of type Retiree. |
| authorized-users-employees-consultants-contractors | Includes current employees of any classification, plus Harvard Sponsored Role of types Consultant and Contingent Worker (previously Contractor). |
| authorized-users-employees-consultants-contractors-alumni |
* Includes current employees of any classification, Harvard Sponsored Role of types Consultant and Contingent Worker (previously Contractor), and Alumni of role type ALUMNI who have claimed their HarvardKey. Does not include Alumni types of Associate Members or Program Participants. |
| authorized-users-alumni | * Includes alumni in all schools and who have claimed a HarvardKey. |
YELLOW TIER
|
Authorization Filter Name
|
Included User Groups |
| authorized-users-assurance-tier-yellow | Includes all members in the Red and Orange Affiliation & Assurance Tier groups, plus admitted and deferred students and active class participants (Student status-code Admissions Offer Extended-AE, Deferred Admission-DF, Active Class Participant-A), and non-degree students (Degree is XX). Current Harvard Sponsored Roles of type Academic Advisor, AA&D Affiliate, External Administrative Affiliate, Interschool Affiliate, External Core Customer, Field Education Supervisor, Family Member/Family Support, Tenant, Vendor, Visitor, Volunteer, HMC Employee, SAO Employee, Security Service Provider, UHS Dependent, and Other. Current library borrowers of any type from Widener, Loeb and Countway libraries. |
| authorized-users-assurance-tier-yellow-with-alumni | * Includes all members in authorized-users-assurance-tier-yellow, plus Harvard Alumni types Alumni, Associate Members, and Program Participants who have claimed a HarvardKey. |
| authorized-users-employees-sponsoredroles |
Includes all current employees of any classification, and all Harvard Sponsored Roles except Retirees. |
| authorized-users-employees-students-sponsoredroles |
Includes current employees of any classification, students, and all Harvard Sponsored Roles except Retirees. |
| authorized-users-employees-students-classparticipants-sponsoredroles |
Includes current employees of any classification, students, class participants, and all Harvard Sponsored Roles except Retirees. |
| authorized-users-employees-students-class-participants-sponsored-roles-retirees |
Includes current employees of any classification, students, class participants, and all Harvard Sponsored Roles including Retirees. |
| authorized-users-employees-students-class-participants-sponsored-roles-alumni |
* Includes current employees of any classification, students, class participants, all Harvard Sponsored Roles except Retirees, and Alumni of role type ALUMNI who have claimed their HarvardKey. Does not include Alumni types of Associate Members or Program Participants. |
| authorized-users-nontemp-employees-students | Includes all current non-temporary employees and students. |
| authorized-users-nontemp-employees-students-class-participants |
Includes all current non-temporary employees, students, and class participants. |
| authorized-users-nontemp-employees-registered-students | Includes all current non-temporary employees and registered students. |
| authorized-users-employees-students-consultants-contractors | Includes all current employees of any classification, students, and Harvard Sponsored Role types Consultant and Contingent Worker (previously Contractor). |
| authorized-users-employees-students-class-participants-consultants-contingent-workers | Includes all current employees of any classification, students, class participants, and Harvard Sponsored Roles types Consultant and Contingent Worker. |
| authorized-users-employees-consultants-contractors-vendors | Includes all current employees of any classification, and Harvard Sponsored Roles types Consultant, Contingent Worker, and Vendor. |
| authorized-users-employees-paid-consultants-contingent-workers-vendors | Includes all current paid employees of any classification and Harvard Sponsored Roles types Consultant, Contingent Worker, and Vendor. |
| authorized-users-employees-paid-consultants-contingent-workers-vendors-collaborators | Includes all current paid employees of any classification and Harvard Sponsored Roles types Consultant, Contingent Worker, Vendor, and Research Collaborator. |
| authorized-users-employees-consultants-contingent-workers-alumni-assocmembers-progparticipants | * Includes current employees of any classification, Harvard Sponsored Role of types Consultant and Contingent Worker, and Harvard Alumni types Alumni, Associate Members, and Program Participants, who have claimed a HarvardKey. |
| authorized-users-students-employees-consultants-contingent-workers-alumni | * Includes all current employees of any classification, students, Harvard Sponsored Role types Consultant and Contingent Worker, and Alumni role type Alumni, who have claimed a HarvardKey. |
| authorized-users-students-employees-consultants-contingent-workers-alumni-assocmembers-progparticipants | * Includes current students, employees of any classification, Harvard Sponsored Role types Consultant and Contingent Worker, and Harvard Alumni types Alumni, Associate Members, and Program Participants, who have claimed a HarvardKey. |
| authorized-users-students-registered-pending | Includes all registered and pending students. |
Green Tier
Any user with a HarvardKey or HarvardKey Light account can access your system regardless of whether they have an active role at the University except for users in the University Excluded Users group, a centrally-managed collection of users that are not permitted to access any HarvardKey-protected applications.
For applications with risk or data levels above 1, this option may only be selected if the application has appropriate local authorization in place to ensure that lower assurance users are only permitted to access their own data and are not granted administrative privileges.
School or Department Specific Generic Authorization Filters
|
Authorization Filter Name
|
Included User Groups |
| Central Administration (CA) | |
| authorized-users-ca-all | Includes all employees and Harvard Sponsored Roles, except Retirees, in Harvard Central Administration (CA). |
| authorized-users-huit-all | Includes all employees and Harvard Sponsored Roles, except Retirees, in Harvard University IT (HUIT). |
| authorized-users-huit-employees-consultants-contingent-workers | Includes all employees and Harvard Sponsored Roles of type Consultants and Contingent Workers in Harvard University IT (HUIT). |
| authorized-users-huit-iam-all | Includes all employees and Harvard Sponsored Roles, except Retirees, in HUIT Identity and Access Management (IAM). |
| Faculty of Arts and Sciences (FAS) | |
|
authorized-users-fas-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in FAS.
|
| Graduate School of Arts and Sciences (GSAS) | |
| authorized-users-gsas-students-registered | Includes current registered students in GSAS. Student status-codes Registered-R,EG,EP. |
| gsas-students-registered-incl-onleave | Includes current registered students in GSAS, including students on leave. Student status-codes Registered-R,EG,EP, On Leave Paying Facilities Fees-LF, and Leave of Absence-LA. |
| Graduate School of Design (GSD) | |
|
authorized-users-gsd-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in GSD.
|
| Graduate School of Education (GSE) | |
|
authorized-users-gse-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in GSE.
|
| authorized-users-gse-employees-excl-faculty | Includes all current employee classifications except Senior and Junior Faculty, in GSE. |
| Harvard Art Museums (HAM) | |
| authorized-users-ham-employees | Includes all current employees in the Harvard Art Museums (HAM). |
| Harvard Divinity School (HDS) | |
| authorized-users-hds-employees-sponsoredroles |
Includes all employees, including temporary, and Harvard Sponsored Roles in HDS. |
| authorized-users-hds-employees-sponsoredroles-other-staff | Includes all employees, including temporary, and Harvard Sponsored Roles in HDS, plus other non-HDS shared services staff as identified by HDS. |
| authorized-users-hds-students-employees-sponsoredroles-other-staff | Includes all students, and employees, including temporary, and Harvard Sponsored Roles in HDS, plus other non-HDS shared services staff as identified by HDS. |
| Harvard Law School (HLS) | |
|
authorized-users-hls-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in HLS.
|
| authorized-users-hls-all-and-alumni | * Includes all current students, class participants, employees, Harvard Sponsored Roles, except Retirees, Extended Affiliates, and Alumni in HLS. |
|
authorized-users-hls-employees
|
Includes all current employees in HLS.
|
|
authorized-users-hls-employees-sponsoredroles
|
Includes all current employees and Harvard Sponsored Roles, except Retirees, in HLS.
|
|
authorized-users-hls-employees-students
|
Includes all current employees and Students in HLS.
|
| Harvard Medical School (HMS) | |
|
authorized-users-hms-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in HMS. Does not include the School of Dental Medicine (SDM).
|
|
authorized-users-hms-employees
|
Includes all current employees in HMS. Does not include the School of Dental Medicine (SDM).
|
| Harvard Medical School (HMS) and Harvard School of Dental Medicine (SDM) | |
|
authorized-users-hms-sdm-all
|
Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in HMS and SDM.
|
| Harvard T.H.Chan School of Public Health (HSPH) | |
| authorized-users-sph-all | Includes all current students, class participants, employees and Harvard Sponsored Roles, except Retirees, in HSPH. |
| authorized-users-sph-all-employees | Includes all current employees of any employee classification, including temporary, in HSPH. |
| authorized-users-sph-all-employees-sponsoredroles | Includes all current employees of any employee classification, including temporary, and Harvard Sponsored Roles in HSPH. |
| authorized-users-sph-faculty-staff | Includes all current faculty and staff in HSPH. Includes faculty (employee class-codes Senior Faculty-F, Junior Faculty-J and Other Academic-O) and staff (employee class codes Admin and Professional-A, and Support Staff-S). |
| authorized-users-sph-staff | Includes all current staff in HSPH. Includes employee class-codes Admin and Professional-A, and Support Staff-S. |
| authorized-users-sph-employees-students-class-participants | Includes all employees of any employee classification, including temporary, students and class participants in HSPH. |
| Harvard University Health Services (HUHS) and Harvard University Information Technology (HUIT) | |
|
authorized-users-huhs-huit-employees-sponsoredroles
|
Includes all current employees and Harvard Sponsored roles in HUHS and HUIT.
|
| authorized-users-huhs-huit-employees-consultants-contingentworkers | Includes all employees and Harvard Sponsored Roles of type Consultant and Contingent Worker, in HUHS and HUIT. |